agent-token-budget-mcp

v1.1.1 suspicious
7.0
High Risk

Agent Token Budget MCP — per-session spend cap with signed budget-exhausted attestations. Twin of bft-progress-council-mcp (spend-axis vs stall-axis guardrail). By MEOK AI Labs.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has low risks in terms of network activity, shell execution, obfuscation, and credential harvesting. However, its metadata raises concerns due to the lack of maintainer history, a single release, and an inactive author account.

  • Lack of maintainer history
  • Single release
  • Inactive author account
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communication.
  • Shell: No shell execution detected, which is normal unless the package's functionality requires it.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows several red flags including lack of maintainer history, single release, and inactive author account, suggesting potential risk.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: meok.ai>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-token-budget-mcp 
Create a mini-application called 'BudgetGuard' that helps users manage their token usage within a session, ensuring they don't exceed a predefined budget. This application will utilize the 'agent-token-budget-mcp' package to enforce spending limits on tokens and provide notifications when the budget is about to be exhausted. Here’s a step-by-step guide on how to develop this application:

1. **Setup Project Environment**: Initialize a new Python project and install the necessary packages including 'agent-token-budget-mcp'.
2. **Define User Interface**: Design a simple command-line interface (CLI) or a basic web interface where users can input their initial token budget and monitor their usage.
3. **Implement Token Usage Tracking**: Use 'agent-token-budget-mcp' to track token usage in real-time. Each action that consumes tokens (e.g., API calls, transactions) should be accounted for.
4. **Budget Enforcement**: When the user-defined budget is reached, the application should automatically stop further actions from consuming more tokens. Implement a mechanism to generate and verify signed attestations when the budget is exhausted.
5. **Notifications**: Develop a feature that alerts users when they are nearing their budget limit. This could be through email, SMS, or in-app notifications depending on the chosen interface.
6. **Testing and Validation**: Test the application thoroughly under different scenarios to ensure that it accurately tracks token usage and enforces the budget constraints effectively.
7. **Documentation**: Provide clear documentation explaining how to set up and use the application, including examples of common use cases.

Suggested Features:
- Support for multiple sessions/users with individual budgets.
- Historical usage reports for analysis.
- Integration with external services to automate certain actions based on budget status.
- Customizable notification settings allowing users to choose preferred alert methods.

By following these steps and utilizing the 'agent-token-budget-mcp' package, you'll create a robust tool that helps manage and control token usage efficiently.